From d4da1bb5ab2b8bb08ec6662262fb6b2e3fdafeef Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 16 Feb 2017 09:51:56 +0000 Subject: [PATCH] Update CHANGES and NEWS for new release Reviewed-by: Richard Levitte --- CHANGES | 15 ++++++++++++++- NEWS | 6 +++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 8b27bd5634..3e91a0899e 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 1.1.0a and 1.1.1 [xx XXX xxxx] + Changes between 1.1.0e and 1.1.1 [xx XXX xxxx] *) Add support for SipHash [Todd Short] @@ -24,6 +24,19 @@ *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. [Emilia Käsper] + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] + + *) Encrypt-Then-Mac renegotiation crash + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependant on ciphersuite). Both clients + and servers are affected. + + This issue was reported to OpenSSL by Joe Orton (Red Hat). + (CVE-2017-3733) + [Matt Caswell] + Changes between 1.1.0c and 1.1.0d [26 Jan 2017] *) Truncated packet could crash via OOB read diff --git a/NEWS b/NEWS index 34312cd052..0852bd323c 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.1 [under development] + Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.1 [under development] o + Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017] + + o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) + Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017] o Truncated packet could crash via OOB read (CVE-2017-3731) -- 2.34.1
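
Review bot: In the CHANGES hunk at @@ -24,6 +24,19 @@, the new 1.1.0e entry reads "(dependant on ciphersuite)"; the spelling should be "dependent". The same sentence says the crash depends on the ciphersuite but does not name which ciphersuites trigger it, so a reader cannot tell from this entry alone whether a given client or server configuration is exposed to CVE-2017-3733. Either name the affected ciphersuites here or say where that detail is documented.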
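
Review bot: In the NEWS hunk at @@ -5,10 +5,14 @@, the 1.1.1 section whose header is corrected from 1.1.0a to 1.1.0e still consists of a bare "o" bullet with no text, while the CHANGES file in this same patch already lists 1.1.1 items (SipHash, SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd). Since the header line is being touched anyway, either fill the placeholder or leave a short comment that it is intentionally empty. Separately, the commit subject "Update CHANGES and NEWS for new release" does not mention that the release notes add a CVE entry; naming CVE-2017-3733 in the commit message would make this change easier to find in the history.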